Cisco Defense Orchestrator

Custom IPS Policy in an FTD Access Control Rule

You cannot have more than one instance of the same custom IPS policy associated with a single device.

Note: Associating an IPS policy with an access control rule means that passing traffic is submitted to deep packet inspection. The only supported rule action for an access control rule with an IPS policy is Allow.

Use the following procedure to associate a custom IPS policy to an FTD device:

  1. Create a custom IPS policy. See Create a Custom IPS Policy for more information.
  2. From the CDO Navigation pane, select Policies. Click FTD / Meraki / AWS Policies.
  3. Scroll or filter through the list of FTD policies and select the policy you want to associate with a custom IPS policy. 
  4. Click the blue plus button.
  5. In the Order field, select the position for the rule within the policy. Network traffic is evaluated against the list of rules in numerical order, 1 to "last."
  6. Enter the rule name. You can use alphanumeric characters, spaces, and these special characters: + . _ -
  7. Select the Intrusion Policy tab. Expand the drop-down menu to see all the available intrusion policies and select the desired custom IPS policy. 
  8. Define the traffic matching criteria by using any combination of attributes in the remaining tabs: Source/Destination, URLs, Applications, and File Policy.
  9. (Optional) Click the Logging tab to enable logging and collect the connection events reported by the access control rule.
  10. Click Save.
  11. Review and deploy the changes you made now, or wait and deploy multiple changes at once.